Feature #843
closed
Custom http logging filter functionality
Description
I think it can be useful to have a blacklist filter functionality to disallow HTTP logging of web sites that match a list of regexes on FQDNs.
From my point of view, having logs about some web sites, for example advertising web sites, is not useful from a security point of view, and it's also a waste of hard disk space and computational power.
I think it can be useful to have an external file (e.g. disable_http_logging.sites) that contains a list of regexes (e.g. *.google\.com, .*advertising\.com) that disallow HTTP logging functionality on matched regexps.
Updated by Victor Julien about 8 years ago
- Assignee deleted (Victor Julien)
I think it could be interesting to make the logging depend on the rule language. E.g. by adding something like 'log:yes;' or 'log:no;'.
Updated by Victor Julien over 6 years ago
- Related to Feature #1005: conditional logging: controlling what gets logged added
Updated by Victor Julien over 6 years ago
Probably best implemented as suggested in #1005
Updated by Philippe Antoine over 1 year ago
Looks solved to me, cf. S-V test cond-log-http-testmyids
using rule:
config http any any -> any any (http.host; content:"test"; config:logging disable, type tx, scope tx; sid:1;)
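Added example, not part of the original ticket and not Suricata project code: a Python script that turns the list file proposed in the description into one `config` rule per domain, in the shape of the rule quoted in the last comment. The list format (plain domain suffixes instead of regexes), the sid range, and the use of `dotprefix` with `endswith` to match a domain and its subdomains are assumptions of this example.

```python
import re

# Constructed sample of a disable_http_logging.sites file (assumed format:
# one domain suffix per line, '#' starts a comment).
SAMPLE_LIST = """\
# advertising noise
google.com
Advertising.COM
*.doubleclick.net
bad;entry.example
"""

_LABEL = r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?"
_FQDN = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")


def parse_domains(text):
    """Return (valid, rejected) entries; valid names are lowercase and de-duplicated."""
    valid, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        # http.host is a lowercase-normalized buffer, so patterns must be lowercase.
        name = entry.lower().rstrip(".")
        if name.startswith("*."):
            name = name[2:]
        # Strict validation keeps ';' and '"' out of the generated rule text.
        if len(name) <= 253 and _FQDN.match(name):
            if name not in valid:
                valid.append(name)
        else:
            rejected.append(entry)
    return valid, rejected


def build_rules(domains, first_sid=1000001):
    """One rule per domain; dotprefix + endswith covers the domain and its subdomains."""
    return [
        f'config http any any -> any any (http.host; dotprefix; content:".{name}"; '
        f'endswith; config:logging disable, type tx, scope tx; sid:{first_sid + i};)'
        for i, name in enumerate(domains)
    ]


if __name__ == "__main__":
    ok, bad = parse_domains(SAMPLE_LIST)
    print("\n".join(build_rules(ok)))
    for entry in bad:
        print(f"# rejected entry: {entry}")
```

Rejected entries are reported rather than silently dropped, so a typo in the list does not leave a noisy host logged without anyone noticing.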